Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to inject arbitrary web script or HTML via the uselang...
virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users to obtain sensitive information....
The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might...
The terminal dispatcher in mosh before 1.2.1 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value. Date published...
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many...
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows local users to obtain sensitive information via unknown vectors. Date published : 2012-06-29 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote authenticated users to gain privileges and obtain sensitive information via unknown vectors. Date published : 2012-06-29 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
HP System Management Homepage (SMH) before 7.1.1 does not properly validate input, which allows remote authenticated users to have an unspecified impact via unknown vectors. Date published : 2012-06-29 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote attackers to cause a denial of service, or possibly obtain sensitive information or modify data, via unknown vectors. Date published : 2012-06-29...
HP System Management Homepage (SMH) before 7.1.1 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. Date...
slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to...
The mci_check_login function in api/soap/mc_api.php in the SOAP API in MantisBT before 1.2.9 allows remote attackers to bypass authentication via a null password. Date published : 2012-06-29 http://www.securityfocus.com/bid/52313 http://www.mantisbt.org/bugs/changelog_page.php?version_id=140
bug_actiongroup.php in MantisBT before 1.2.9 does not properly check the report_bug_threshold permission of the receiving project when moving a bug report, which allows remote authenticated users with the report_bug_threshold and move_bug_threshold privileges for a...
MantisBT before 1.2.9 does not properly check permissions, which allows remote authenticated users with manager privileges to (1) modify or (2) delete global categories. Date published : 2012-06-29 http://www.securityfocus.com/bid/52313 http://www.mantisbt.org/bugs/changelog_page.php?version_id=140